Threat actors are abusing ChatGPT’s content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application.
The “LLMShare” campaign, discovered by Push Security, uses Google ads to direct users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com, allowing the attack to be delivered through a legitimate OpenAI domain.

Users who click on the ad are taken to a legitimate ChatGPT shared page, but instead of seeing a chat conversation, they are presented with a rendered outage notice claiming the web version is unavailable and that they should download the desktop application instead.
“We’re experiencing high traffic right now,” reads the fake outage message.
“Our website is temporarily unavailable due to a large number of users. Download our desktop app to continue.”

Unlike traditional phishing pages hosted on attacker-controlled infrastructure, the fake outage notice is rendered by ChatGPT itself.
The attackers created a custom HTML page using ChatGPT’s rendering capabilities and published it through a shared chatgpt.com/s/ link, allowing the fake outage notice to be displayed from a legitimate ChatGPT URL.
Push Security noted that the page includes “Show code” and “Remix with ChatGPT” controls, revealing that the fake outage notice is actually generated from custom HTML and CSS rendered by a ChatGPT prompt.
If the visitor clicks the download button, they are taken to a website at openew[.]app that impersonates OpenAI’s desktop application download portal.

The researchers say the site uses cloaking to display content only to targeted victims. When security platforms like URLScan visited the URL, they were shown a harmless AR/VR company website instead.
The website offers both macOS [VirusTotal] and Windows [VirusTotal] downloads that install malware on devices. While it is unclear what payloads are ultimately deployed, earlier campaigns abusing AI platform sharing features have distributed infostealers.
BleepingComputer’s test of the Windows version on Any.Run found that it executes various commands to determine whether the device is a legitimate computer or a virtual machine.
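The chain described above (a shared chatgpt.com/s/ page followed by an installer download from an unrelated site) can be hunted for in web proxy or browser telemetry. The following is an added example, not code from Push Security or BleepingComputer; the trusted-host list, the 10-minute window, the record layout and every URL in the sample log are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: hosts your organisation accepts as genuine OpenAI download sources.
TRUSTED_HOSTS = {"chatgpt.com", "openai.com"}
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg")
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed proxy records (timestamp, user, URL); hosts and IDs are placeholders.
SAMPLE_LOG = [
    ("2025-01-01T09:00:00", "alice", "https://chatgpt.com/s/example-share-1"),
    ("2025-01-01T09:01:30", "alice", "https://desktop-app.example.net/"),
    ("2025-01-01T09:02:10", "alice", "https://desktop-app.example.net/files/ChatGPT-Setup.exe"),
    ("2025-01-01T09:05:00", "bob", "https://chatgpt.com/s/example-share-2"),
    ("2025-01-01T09:06:00", "bob", "https://downloads.openai.com/ChatGPT.dmg"),
    ("2025-01-01T08:00:00", "carol", "https://chatgpt.com/s/example-share-3"),
    ("2025-01-01T10:30:00", "carol", "https://tools.example.org/setup.msi"),
    ("2025-01-01T09:10:00", "dave", "https://tools.example.org/setup.msi"),
]

def is_trusted(host):
    """True for a trusted host or any of its subdomains."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)

def find_share_to_installer(records, window=WINDOW):
    """Return (user, share_url, download_url) for each installer fetched from an
    untrusted host within `window` of that user opening a chatgpt.com/s/ page."""
    last_share = {}  # user -> (time, url) of the most recent shared-page visit
    hits = []
    for ts, user, url in sorted(records):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host == "chatgpt.com" and parts.path.startswith("/s/"):
            last_share[user] = (when, url)
            continue
        seen = last_share.get(user)
        if (seen and when - seen[0] <= window and not is_trusted(host)
                and parts.path.lower().endswith(INSTALLER_EXT)):
            hits.append((user, seen[1], url))
    return hits

if __name__ == "__main__":
    for hit in find_share_to_installer(SAMPLE_LOG):
        print("ALERT", *hit)
```

The correlation is by user and time rather than by Referer because browsers commonly send only the origin on cross-site navigations, so the /s/ path would not appear there. It also assumes the telemetry source records full URL paths.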
Push Security also observed attacks abusing Claude Artifacts, Anthropic’s feature for sharing rendered applications and content, to host ClickFix-style lures that tricked users into executing malicious commands.
AI platforms’ sharing features have been abused in the past to distribute malware to unsuspecting victims.
Earlier this year, threat actors used Google ads to direct users searching for Claude downloads to shared Claude conversations containing malicious installation instructions.
Other campaigns abused shared ChatGPT and Grok conversations that carried out ClickFix attacks by impersonating software installation guides that instructed victims to execute commands that installed malware.

